The October 2022 issue of IEEE Spectrum is here!

Close bar

Feds Preach Cybersecurity to Carmakers

New U.S. guidelines would defend connected cars, which today are sitting ducks

2 min read
cybersecurity for cars
iStockphoto

The U.S. traffic safety agency has firmly nudged carmakers into tightening their standards for cybersecurity. And if the nudge fails, then enforceable rules will surely follow.

For now, though, the National Highway Transportation Safety Administration is calling its list of best practices mere guidelines. NHTSA published them last Monday, exactly three months after two researchers showed what’s at stake by remotely commandeering a Jeep Cherokee driving on a highway. The researchers described their cyberattack at a conference held in August. And they talked about other vulnerabilities last week

The main theme of the guidelines is that auto companies should make cybersecurity a priority. That would mean sharing information with rivals, for instance by logging and relaying the details of an attack through “seamless and direct communication channels,” so that other companies can devise countermeasures.

It’s not easy to force such close cooperation: Technology is now the most competitive aspect of the auto business.

NHTSA also wants companies to give outside developers less access to engine control units (ECUs). If a developer needs such access to debug a system, then the developer should have an interface that allows tinkering only with the relevant system.

As cars begin to connect, first with the infrastructure and then with each other, the risk increases that any attack will snowball. NHTSA wants all communications with the outside world—like the GPS navigation system—to run along channels that bypass ECUs.

One may wonder, though, exactly what scenario keeps NHTSA cybersecurity experts up at night. Today, if bad guys want to attack a car from a distance, they can (and do) use remotely controlled IEDs. So maybe the real threat is not to our bodies but to our digital secrets: A connected car may lead criminals to our bank accounts. And, as Willie Sutton said, that’s where the money is.

The Conversation (0)

We Need More Than Just Electric Vehicles

To decarbonize road transport we need to complement EVs with bikes, rail, city planning, and alternative energy

11 min read
A worker works on the frame of a car on an assembly line.

China has more EVs than any other country—but it also gets most of its electricity from coal.

VCG/Getty Images
Green

EVs have finally come of age. The total cost of purchasing and driving one—the cost of ownership—has fallen nearly to parity with a typical gasoline-fueled car. Scientists and engineers have extended the range of EVs by cramming ever more energy into their batteries, and vehicle-charging networks have expanded in many countries. In the United States, for example, there are more than 49,000 public charging stations, and it is now possible to drive an EV from New York to California using public charging networks.

With all this, consumers and policymakers alike are hopeful that society will soon greatly reduce its carbon emissions by replacing today’s cars with electric vehicles. Indeed, adopting electric vehicles will go a long way in helping to improve environmental outcomes. But EVs come with important weaknesses, and so people shouldn’t count on them alone to do the job, even for the transportation sector.

Keep Reading ↓Show less